[email protected]

Bugfix: Double backslashes were treated as two simple backslashes one after the other, causing the sanitizer to delete all backslashes in the math block.

[email protected]

Includes fixes from [email protected]

[email protected]

• Fix footnotes inside titles by using \protect also for references

[email protected]

• Includes fixes from [email protected] and [email protected]
• Fixes Sentry error handling

[email protected]

• Do not take account of empty pings

[email protected]

• Fix math sanitation

[email protected]

Security fixes

• Security (RCE) : forbid any \end{CodeBlock} command from inside CodeBlocks themselves (included in 10.1.3)
• Security (LFI) : replace invalid pathes with a default image (included in 10.1.3)
• Security (SSRF) : prevent images downloads from local IP ranges (included in 10.1.3)
• Security (RCE) : filter the authorized math commands to a given list
• Security (RCE) : escape the content of abbreviations

LaTeX

• Important : Align table headers left instead of centered
• Minor : Restore a correct behavior for footnotes, but remove linking
• Minor : Fix tables column width so that tables take the whole page

Miscellaneous

• Important : Switch the project to NPMv7. Should not break dependants
• Important : Uses details/summary HTML tags for spoilers
• Minor : Better parsing for pings, now only break on line break and spaces
• Minor : Allow calling LaTeX endpoint without options
• Minor : Do not add line numbers to one-line code blocks
• Minor : Drop Node 10 support

[email protected]

• Important : change the ping parser to allow Unicode characters in the simple syntax

[email protected]

• Security (LFI) : replace invalid pathes with a default image (included in 10.1.3)
• Security (SSRF) : prevent images downloads from local IP ranges (included in 10.1.3)
• Meta : stop using legacy APIs

[email protected]

• Minor : Allow default block title